Home    |    Instructor-led Training    |    Online Training     
         
 
Courses
ADA
Adobe
Agile
AJAX
Android
Apache
AutoCAD
Big Data
BlockChain
Business Analysis
Business Intelligence
Business Objects
Business Skills
C/C++/Go programming
Cisco
Citrix
Cloud Computing
COBOL
Cognos
ColdFusion
COM/COM+
CompTIA
CORBA
CRM
Crystal Reports
Data Science
Datawarehousing
DB2
Desktop Application Software
DevOps
DNS
Embedded Systems
Google Web Toolkit (GWT)
IPhone
ITIL
Java
JBoss
LDAP
Leadership Development
Lotus
Machine learning/AI
Macintosh
Mainframe programming
Mobile
MultiMedia and design
.NET
NetApp
Networking
New Manager Development
Object oriented analysis and design
OpenVMS
Oracle
Oracle VM
Perl
PHP
PostgreSQL
PowerBuilder
Professional Soft Skills Workshops
Project Management
Python
Rational
Ruby
Sales Performance
SAP
SAS
Security
SharePoint
SOA
Software quality and tools
SQL Server
Sybase
Symantec
Telecommunications
Teradata
Tivoli
Tomcat
Unix/Linux/Solaris/AIX/
HP-UX
Unisys Mainframe
Visual Basic
Visual Foxpro
VMware
Web Development
WebLogic
WebSphere
Websphere MQ (MQSeries)
Windows programming
XML
XML Web Services
Other
Linux Network Security
This course is provided by Wintrac. Wintrac provides one stop shopping for all your IT training needs. Wintrac’s course catalog of over two thousand courses includes courses on Security Training

Overview

This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols used in Linux, UNIX, and Windows are examined. After a detailed discussion of the TCP/IP suite component protocols and Ethernet operation, the student practices using various tools to capture, analyze, and generate IP traffic. Students then explore the tools and techniques used to exploit protocol weaknesses and perform more advanced network attacks. After building a thorough understanding of network based attacks, course focus shifts to the defensive solutions available. Students install, configure, and test one of the most popular and powerful NIDS solutions available. Finally, students create a Linux based router / firewall solution, including advanced functionality such as NAT, policy routing, and traffic shaping

Prerequisites

Since the tools used in class are compiled and run on a Linux system, Linux or UNIX system experience is helpful, but not necessary. A solid background in networking concepts will greatly aid in comprehension. This is an intense class that covers many topics.

Course outline

SECTION 1   ETHERNET AND IP OPERATION

  • OSI Network Model
  • Application Layers
  • Network Services Layers
  • Moving Data Through The Stack
  • Data Link Layer Format
  • Ethernet Operation
  • Hub and Switch Operation
  • Ethernet Security Issues
  • Detecting Promiscuous NICs
  • Network Packet Capture
  • tcpdump
  • Ethereal
  • IPv4
  • IP Addressing
  • Differentiated Services
  • IP Fragmentation
  • Path MTU Discovery
  • ARP
  • ICMP
  • ICMP Redirects
  • Important ICMP Messages
  • ICMP Security Issues
  • Protecting Against ICMP Abuse
  • Lab 1 - Basic Traffic Generation, Capture, and Analysis
  • Capture and analyze ARP traffic with a variety of tools
  • Capture and analyze ICMP echo, unreachable, and redirect messages
  • Explore the differences between a variety of traffic capture utilities and their interfaces and options
SECTION 2  IP AND ARP VULNERABILITY ANALYSIS
  • IP Security Issues
  • IP Routing
  • Routing Protocol Security
  • Protecting Against IP Abuse
  • ARP Security Issues
  • Cache Poisoning with ARP Replies
  • Cache Poisoning with ARP Requests
  • ARP Cache Poisoning Defense
  • Lab 2 - Advanced Traffic Generation, and Capture
  • Learn to use a variety of tools to generate traffic, including forged headers.
  • Use ARP cache "poisoning" to capture traffic on a switched LAN
  • Use various techniques to discover if a NIC is in promiscuous mode
SECTION 3  UDP/TCP PROTOCOL AND TELNET VULNERABILITY ANALYSIS
  • User Datagram Protocol
  • UDP Segment Format
  • Transmission Control Protocol
  • TCP Segment Format
  • TCP Port Numbers
  • TCP Sequence / Acknowledgment #’s
  • TCP Three-way Handshake
  • TCP Window Size
  • The TCP State Machine
  • The TCP State Transitions
  • TCP Connection Termination
  • TCP SYN Attack
  • TCP Sequence Guessing
  • TCP Connection Hijacking
  • Telnet
  • Telnet Concepts - Options
  • Telnet Concepts - Commands
  • Telnet Security Concerns
  • Lab 3 - Attacks on TCP
  • Use forged packets to slow and kill TCP sessions.
  • Monitor and hijack a telnet session
SECTION 4   FTP AND HTTP VULNERABILITY ANALYSIS
  • FTP
  • Modes
  • Transfer Methods
  • Security Concerns
  • The Bounce Attack
  • Minimizing Risk
  • FTP - Port Stealing
  • Brute-force Attacks
  • Access Restriction
  • Privacy
  • HTTPv1.1
  • HTTP Protocol Parameters
  • HTTP Message
  • HTTP Request/Method Definitions
  • Response/Status Codes
  • Proxies
  • Authentication
  • Security Concerns
  • Personal Information
  • Attacks On File and Path Names
  • Header Spoofing
  • Auth Credentials and Idle Clients
  • Proxy Servers
  • Lab 4 - Attacks on FTP and HTTP
  • Use dsniff to capture FTP and HTTP passwords
  • Bonus exercise: Use urlsnarf and webspy to monitor a web browser
SECTION 5   DNS PROTOCOL VULNERABILITY ANALYSIS
  • DNS
  • DNS Basic Concepts and Terms
  • DNS Resolution
  • DNS Zone Transfers
  • DNS Spoofing
  • DNS Cache Poisoning
  • DNS Security Improvements
  • Lab 5 - Attacks on DNS
  • Use dnsspoof to forge DNS responses to redirect web traffic
  • Use forged DNS responses to circumvent host based access security
SECTION 6   SSH AND HTTPS PROTOCOL VULNERABILITY ANALYSIS
  • SSH Concepts
  • Initial Connection
  • Protocols
  • SSH1
  • SSH2
  • Encryption Vulnerabilities
  • SSH Vulnerabilities
  • SSH1 Insertion Attack
  • SSH Brute Force Attack
  • SSH1 CRC Compensation Attack
  • Bleichenbacher Oracle
  • SSH1 Session Key Recovery
  • Client Authentication Forwarding
  • Host Authentication Bypass
  • X Session Forwarding
  • HTTPS Protocol Analysis
  • SSL Enabled Protocols
  • SSL protocol
  • SSL Layers
  • The SSL Handshake
  • SSL Vulnerabilities
  • Intercepted Change Cipher Spec
  • Intercepted Key Exchange
  • Version Rollback Attack
  • Lab 6 - HTTPS and SSH
  • Perform a man-in-the-middle attack on secure web connections.
  • Perform a man-in-the-middle attack on SSH v1 connections.
  • Perform a timing and packet length attack on SSH v1 and SSH v2 connections.
SECTION 7   REMOTE OPERATING SYSTEM DETECTION
  • OS Detection
  • Banners
  • Commands
  • Less-direct Approaches
  • TCP/IP Stack Fingerprinting
  • Remote Fingerprinting Apps
  • nmap
  • Lab 7 - Using nmap
  • Use the Nmap utility to perform general network sweep scans.
  • Use Nmap to perform a wide variety of scans on a host.
  • Use Nmap to perform TCP/IP fingerprinting for remote OS detection.
SECTION 8   ATTACKS AND BASIC ATTACK DETECTION
  • Sources of Attack
  • Denial-of-Service Attacks
  • Methods of Intrusion
  • Exploit Software Bugs
  • Exploit System Confiuration
  • Exploit Design Flaws
  • Password cracking
  • Typical Intrusion Scenario
  • Intrusion Detection
  • IDS Considerations
  • Attack Detection Tools
  • Klaxon
  • PortSentry
  • PortSentry Design
  • Snort
  • Lab 8 - Basic Scan Detection
  • Examine standard system logs and statistics for signs of attack
  • Configure portsentry to log port scans from nmap
  • Configure portsentry for active response to port scans
SECTION 9   INTRUSION DETECTION TECHNOLOGIES
  • Intrusion Detection Systems
  • Host Based IDS
  • Network Based IDS
  • Network Node IDS
  • File Integrity Checkers
  • Hybrid NIDS
  • Honeypots
  • Focused Monitors
  • Snort Architecture
  • Snort Detection Rules
  • Snort Logs and Alerts
  • Snort Rules
  • Lab 9 - Exploring Snort
  • Install snort
  • Test Snort to see if it detects Nmap scans
  • Use Snort to examine network traffic in decoded text format
  • Use Snort to capture all network packets in tcpdump-style binary logs
  • Use tethereal to analyze captured packets
  • Setup Snort to log to SYSLOG
SECTION 10   ADVANCED SNORT CONFIGURATION
  • Advanced snort Features
  • snort Add-ons
  • ACID Web Console
  • The ACID Interface
  • SnortCenter Management
  • Lab 10 - Snort Tools
  • Set up a new MySQL database for use with snort
  • Configure snort to log to the new database
  • Set up and test the ACID analysis tool
  • Setup and configure SnortCenter
  • Install and configure the Linux SnortCenter Sensor Agent
  • Observe how snort and ACID respond to attacks.
SECTION 11   SNORT RULES
  • Snort Rules Format
  • Snort Rules Options
  • Writing Snort Rules
  • Example Rules
  • Lab 11 - Custom Snort Rules
  • Capture packet from exploit that Snort does not currently detect
  • Write a custom rule for snort to detect the exploit
  • Verify exploit detection
SECTION 12   LINUX AND STATIC ROUTING
  • Linux As a Router
  • Linux Router Minimum Requirements
  • Router Focused Distributions
  • Router Specific Settings
  • Lab 12 - Static Routing
  • Configure your host to act as a router
  • Configure and test “automatic” anti-spoofing protection
  • Configure the system to implement the above automatically on reboot
SECTION 13   LINUX FIREWALLS
  • Types of Firewalls
  • Application Firewalls:TCP Wrappers
  • Application Firewalls: Squid
  • Packet Filter: ipchains
  • Stateful Packet Filter: iptables
  • Firewall Topology
  • Recommended Firewall Rules
  • Firewall Limitations
  • iptables Concepts
  • Using iptables
  • Advanced iptables Actions
  • iptables: A More Secure Approach
  • Lab 13 – IPtables
  • Use iptables to filter traffic destined to your host
  • Use iptables to log traffic destined to a specific port on your host
SECTION 14   NETWORK AND PORT ADDRESS TRANSLATION
  • Address Translation
  • Configuring NAT and PAT
  • NAT Limitations
  • Security Using NAT and PAT
  • Detecting NAT
  • Lab 14 – NAT
  • Configure your station to perform SNAT
  • Configure DNAT to forward connections back to a 'NAT'ed host
  • Configure a 1 to 1 IP mapping for a 'NAT'ed host
SECTION 15  IP POLICY ROUTING
  • Advanced Routing
  • Replacing ifconfig with ip
  • Replacing route and arp
  • Policy Routing
  • Linux Policy Routing
  • Linux Policy Routing Rules
  • Lab 15 - Policy Routing
  • Mark packets based on protocol
  • Route telnet packets via one interface
  • Route ssh traffic via other interface
  • Confirm routing using tcpdump on client machine

Please contact your training representative for more details on having this course delivered onsite or online

Training Outlines - the one stop shopping center for IT training.
© Training Outlines All rights reserved